PT-2022-3194 · Siemens · Teamcenter

Published

2022-05-10

Updated

2023-02-23

CVE-2022-29801

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Teamcenter versions prior to V12.4.0.13 Teamcenter versions prior to V13.0.0.9

Description The issue is related to incorrect restriction of XML links to external objects, which could allow an attacker to conduct XML External Entity (XXE) attacks. This vulnerability may enable a remote attacker to view files on the application server filesystem.

Recommendations For Teamcenter versions prior to V12.4.0.13, update to version V12.4.0.13 or later. For Teamcenter versions prior to V13.0.0.9, update to version V13.0.0.9 or later. As a temporary workaround, consider restricting XML external entity usage until a patch is available.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

BDU:2022-03879

CVE-2022-29801

Affected Products

Teamcenter

PT-2022-3194 · Siemens · Teamcenter

CVE-2022-29801

Weakness Enumeration

Related Identifiers

Affected Products

References · 6